Recommended Posts

This script is intended to be used during the imaging process, when installing or reinstalling Windows on corporate machines. It will reset the Local Windows Admin account password, as well as update Passwordstate with this new password.

This script has only so far been tested manually with Powershell, but the idea is to insert it into a SCCM Task Sequence, so when a machine get imaged or re-imaged, the local Administrator account is update at the same time. If inserting it into a SCCM task sequence, it needs to be added after the machine has been added to the domain.

Prerequisites:

You must have Passwordstate 8 installed and it should be contactable from the machine you are deploying Windows to.

Overview of What Script Does:

It identifies the Host name it is running on automatically, and searches for this Host in Passwordstate. If it doesn't already exist, it adds it to the system

It searches for a Passwordstate record for the Local Administrator account. If it doesn't find one, it adds one into the system and sets it up to perform automatic resets

It finally updates the Password for the account in Passwordstate, which in turn triggers an actual reset of the password for the account on the machine

There are some variables you will need to change in this script in order for it to work in your environment. I've taken a screenshot of the script and pasted it below, but basically you'll need to change the variables on lines 9 - 19. In theory, these should only have to be changed as a once off process, and instructions on how to find the values of each of the variables are commented inside the script:

If anyone has any issues with this script, or improvements to suggest, please report back here. One thing we may look at doing is modifying the script to remove the need for API keys, and using the Windows Authentication API instead.